Oracle Database 11g Release 2 (126.96.36.199) New Security Features
Enhancements to Fine-Grained Access to External Services and Wallets
In this release, when you use fine-grained access control to configure external network services and wallets, you now can control access to the DBMS_LDAP PL/SQL package. In a default database installation, this package is created with the EXECUTE privilege granted to PUBLIC users. This release enhances the security of this package by enabling you to control access to applications in the database that use this package.
As part of this enhancement, the DBMS_LDAP package is now an invoker's rights package. Before a user can connect to a remote network host,
he or she must be granted the connect privilege in the access control list that was assigned to the remote network host.See Oracle Database PL/SQL Packages and Types Reference for more information about the DBMS_LDAP package.
Support for MERGE INTO Statements for Virtual Private Database Policies
In previous releases of Oracle Database, when you created an Oracle Virtual Private Database policy on an application that included the MERGE INTO statement, the MERGE INTO statement would be prevented with an ORA-28132: Merge into syntax does not support security policies error, due to the presence of the Virtual Private Database policy. In this release, you can create policies on applications that include MERGE INTO operations. To do so, in the DBMS_RLS.ADD_POLICY statement_types parameter, include the INSERT, UPDATE, and DELETE statements, or just omit the statement_types parameter altogether.
There are so many new ideas in Oracle's documentation for security and password management, it may be hard for you to decide where to begin.
The concepts introduced with Oracle10g are intended to simplify the overall management of security, but it will take some study and experimentation on your part to decipher all the choices and determine what portions are best for your particular circumstances.
The MouseOver below shows a variety of the security choices available to you if you are using a combination of Internet and intranet applications. A module later in this course goes into more detail on all of these choices plus a few more.
Oracle Advanced Security
Many more options exist from which to choose, and you can explore them later in this course. The next lesson while conclude this module.